With the arrival of National Cybersecurity Awareness Month, now is a good time to think about the measures we should all be taking to improve our security practices. This is all the more important with so many people continuing to work from home. Security Operations teams need to educate employees about the risks to vital enterprise assets.
Here are a few things to keep in mind when it comes to security:
- Kids can be a risk factor. While it is not typically a recommended cybersecurity practice, some people do allow their children to use their office laptops while at home. This can expose sensitive enterprise data to cyber infiltration, theft, or compromise. The first line of defense is being certain that technical controls are in place, patches are applied, and data is always encrypted. This is particularly important because, while we may be savvy enough to avoid falling for phishing and other cybersecurity threats, our children may unsuspectingly click on a malicious link, exposing the laptop and the network to an attack. The same risk exists with mobile devices. Kids often use their parents' smartphones, which could expose sensitive business data, such as all your business contacts, should a downloaded app or movie be used to surreptitiously steal information (free is not free).
- Build audit/governance processes for third-party partners and vendors. Nearly every enterprise has third-party software installed within its network. For this reason, it is important to review how your supply chain interconnects and evaluate the strength of cybersecurity hygiene within partners and vendors. Obviously, it is not possible to vet every aspect of a partner’s cybersecurity practices and processes, which is why it’s also crucial to put safeguards in place within your own systems. Running next-generation security tools that leverage packet data can provide insights into possible incursions and changes to networks and infrastructure, offering early alerts to security and network operations teams.
- Make risk assessment part of your change management process. Because most enterprises frequently upgrade systems and add to their networks, it is imperative to make sure those changes are reflected in your security solutions. Part of the change management process should include a cybersecurity risk assessment to ensure security concerns are addressed and patches made before the changes occur. A regular security audit is also highly advisable to uncover missed vulnerabilities. Fortunately, there are good automated tools available today that can help with this extensive auditing process.
- Re-evaluate your company’s risk profile. Due to the shifting dynamics of the workplace brought on by the pandemic, enterprises should regularly reassess their risk profiles to determine where major risks exist. The enterprise risk assessment process typically occurs once a year, but given the pace of change and the growing threat horizon, businesses might be well advised to conduct more frequent evaluations to stay ahead of potential threats and keep up with new security approaches and advanced solutions.
While cybersecurity threats are never going to go away, the good news is that measures being employed around the world to combat attacks are working. For every news story that reveals a high-profile attack, incursion, or theft, there are countless others that were thwarted because good cybersecurity hygiene practices were employed and effective tools were deployed to identify, isolate, and prevent the threat. Though they won’t garner any headlines, thousands of companies and cybersecurity professionals are winning battles each and every day. That should give hope to everyone.